View at Official ubuntu advisory, NVD, CVE.org · CVE detail
Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.
CVE-2016-3176 medium priority: Ubuntu including 1 source packages (salt), 20 status rows across 20 suites (artful, bionic, cosmic, disco, focal, jammy, kinetic, lunar, mantic, noble, oracular, plucky, precise, questing, trusty, upstream, wily, xenial, yakkety, zesty): not-affected 9, DNE 8, released 2, ignored 1.
Salt before 2015.5.10 and 2015.8.x before 2015.8.8, when PAM external authentication is enabled, allows attackers to bypass the configured authentication service by passing an alternate service with a command sent to LocalClient.